In January, Socitm published its Public Sector Digital Trends report for 2025. The Institute team undertake months of research to create 'trends' rather than predictions. 'Trends' are about enduring change -- those digital impacts and technology developments that will, over time, have a lasting effect, Carol Williams explains
My dual roles within local public services and the membership charity Socitm give me access to wonderful people and ideas. We are a sector which has a remarkable ability to adapt and innovate despite adversity. This latest piece of work from Socitm will chime with my colleagues across public service. It’s a call to action for all of us to think beyond traditional constructs.
Here I’m focusing in on the cyber security part of the report and narrowing in on local support and AI – acknowledging the threats but also some of the ways in which AI is already being used to secure our data and anticipate these new threats.
Cyber security focus – not just for 2025
As conflicts escalate beyond borders, all our organisations are being urged to bolster their cyber defences.
Making sure we’re protected from unauthorised access to data and systems, as well as preventing data loss or leakage, is always a top priority.
We in the public sector, as everywhere, need to adopt robust strategies to stay ahead of new threats and risks. Risks such as AI, distributed cloud models and the increasing use of IoT devices.
Use your local experts
The Cyber Technical Advisory Group (CTAG) and Warning, Advice and Reporting Points (WARPs) have generated significant benefits for local public service organisations.
CTAG has facilitated the development of best practice assets, such as securing Office 365 guidance and incident response policies. These are widely circulated and adopted by WARPs and councils. The collaboration has led to increased cyber maturity across local authorities.
WARPs are community-based services. Members receive and share up-to-date advice on information security threats, incidents and solutions. Reducing the burden on individual organisations.
Overall, the synergy between CTAG and WARPs has strengthened the cyber resilience of public services and critical infrastructure, ensuring they remain safe and up to date in a fast-paced digital landscape. Come along to CTAG workshops and find and join your local WARP here.
Incidents
Socitm’s analysis reveals several significant challenges that councils may face because of cyber incidents: complete loss of access to IT systems and data; service disruption; data exfiltration and potential breaches; communication difficulties; balancing service restoration with security considerations; resource constraints; rapid decision-making and response; and a need for enhanced security measures.
This all underscores the importance of having robust business continuity plans, IT disaster recovery plans, effective communication strategies, and enhanced security measures in place to manage and recover from cyber incidents.
Managing a cyber-attack and recovery plan
Gloucester City Council experienced a sophisticated ransomware attack that encrypted its servers and disrupted services. The attack began with a spear-phishing email, which led to malware installation and eventual data exfiltration and server encryption. You can read more here.
Emerging threats
We expect to see growing trends in AI-driven cyber-attacks – sophisticated phishing, social engineering and deepfake attacks. Leading to identity theft, influence, discredit, fraud and bypassing security measures.
Cloud and IoT vulnerabilities – targeting vulnerabilities in cloud environments and IoT devices, along with the continuous threat of ransomware, multifaceted extortion tactics and supply chain attacks.
How and where is AI helping public services?
As much as AI poses more risks to our cyber security, we can make use of it just as criminals do.
It’s starting to play a pivotal role in enhancing cyber protection and resilience in:
1. Threat detection and prevention:
Machine learning (ML) can analyse vast amounts of data from network traffic, system logs and user activity to identify patterns and anomalies that may indicate a cyber threat.
Intrusion Detection and Prevention Systems – AI helps to detect and block intrusions by analysing network traffic in real-time and flagging unusual login patterns and data exfiltration attempts.
Malware detection – AI can identify new and evolving forms of malware by analysing characteristics or behaviours instead of relying on predefined signature databases.
Where?
Cybersecurity and Infrastructure Security Agency (USA) Einstein uses AI and ML to continuously monitor and protect government agencies from cyberattacks by detecting anomalies and blocking malicious activities in real time.
2. Automated response and mitigation
AI can automate incident response processes, reducing the time it takes to mitigate threats. For example, AI-driven systems can isolate affected parts of a network, apply patches and restore services without human intervention enabling faster containment and mitigation of security breaches.
Where? National Cyber Security Centre (UK)
The NCSC has incorporated AI into its cybersecurity frameworks to automate the detection of threats and mitigate attacks before they escalate.
This includes the automated identification and isolation of potentially compromised systems within critical national infrastructure.
3. Vulnerability management
AI can help in identifying, classifying and prioritising vulnerabilities within systems and software.
By constantly scanning and assessing the cyber landscape, AI can highlight the likelihood of exploitation.
Where? Australian Cyber Security Centre
The ACSC uses AI to automate the identification and remediation of vulnerabilities across government networks, helping agencies improve their resilience to cyberattacks.
4. Phishing detection
AI can analyse emails and other communications to identify phishing attempts. Natural language processing and ML models can identify suspicious content and warn users before they fall victim to scams.
Where? Canadian Centre for Cyber Security
The CCCS uses AI-powered systems to detect and prevent phishing attacks aimed at federal government employees and the public sector in general. Their tool automatically flags suspicious emails and links in real-time, reducing the risk of successful phishing attacks.
5. Security analytics
AI enhances abilities to analyse security logs and other data sources to uncover hidden threats. Advanced analytics can correlate events across different systems to provide a comprehensive view of the security landscape.
Where? European Union Agency for Cybersecurity
They use ML algorithms to map out the AI threat landscape, identify trends and forecast emerging threats.
In summary
Using AI in our cybersecurity will help us to be more resilient against threats. Supporting faster detection, more effective responses, and better overall security management.
Digital leaders: things to think about and do
Basic
Maintain vigilance to protect applications and network infrastructure from unauthorised access; be proactive in addressing emerging threats; stay updated with compliance and regulatory requirements; and maintain patching and virus checking.
Good
Foster a culture of continuous education and awareness among all employees, staying informed about the latest trends and tactics; and undertake end-to-end testing, compliance checking, change control, regular training sessions, simulations, and updates on emerging cyber risks to empower staff to identify and respond to threats effectively.
Best
Engage senior and political leaders, ensuring that cyber reporting is a routine focus; develop cyber strategies and policies which integrate cyber resilience into a broader organisational picture. Including connections between IT disaster recovery, business continuity planning, emergency response and digital service dependencies – within wider civic resilience planning and testing; and establish a Security Operations Centre, cross-border collaboration and strong supplier management.
What’s working for you? Are you using AI to defend yourself against AI?!
About the author Carol Williams is Director, Transformation and Digital and SIRO for Walsall Council, Socitm President 2024-25
